PublicDate: 2008-04-09 19:05:00 UTC
Candidate: CVE-2008-1687
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
Description:
 The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11
 do not quote their output when a file is created, which might allow
 context-dependent attackers to trigger a macro expansion, leading to
 unspecified use of an incorrect filename.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_m4:
upstream_m4: released (1.4.11)
dapper_m4: ignored (reached end-of-life)
edgy_m4: needed (reached end-of-life)
feisty_m4: needed (reached end-of-life)
gutsy_m4: needed (reached end-of-life)
hardy_m4: ignored (reached end-of-life)
intrepid_m4: not-affected (1.4.11-1)
jaunty_m4: not-affected (1.4.11-1)
karmic_m4: not-affected (1.4.11-1)
lucid_m4: not-affected (1.4.11-1)
maverick_m4: not-affected (1.4.11-1)
natty_m4: not-affected (1.4.11-1)
oneiric_m4: not-affected (1.4.11-1)
precise_m4: not-affected (1.4.11-1)
quantal_m4: not-affected (1.4.11-1)
raring_m4: not-affected (1.4.11-1)
devel_m4: not-affected (1.4.11-1)